flash

http://mail.daw.lk/rainloop/docs/abzbl9903668066esolq17vvf/

Status: finished
Submission Time: 10.02.2020 15:54:21
Malicious
E-Banking Trojan
Trojan
Evader
Emotet

Details

  • Analysis ID:
    207155
  • API (Web) ID:
    311718
  • Analysis Started:
    10.02.2020 15:56:45
  • Analysis Finished:
    10.02.2020 16:06:23
  • Technologies:
Verdict / Score

malicious

System: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211

malicious
100/100

malicious
17/71

malicious

malicious

IPs

IP | Country | Detection
68.66.224.40 | United States |
205.144.171.44 | United States |
71.126.247.90 | United States |
13.85.72.129 | United States |
104.31.69.30 | United States |

Domains

Name | IP | Detection
thebluebearyhillproject.com | 205.144.171.44 |
mail.daw.lk | 68.66.224.40 |
sportnal.azurewebsites.net | 0.0.0.0 |
teeo.highoninfo.com | 104.31.69.30 |
waws-prod-sn1-081.cloudapp.net | 13.85.72.129 |

URLs

Name | Detection
http://mail.daw.lk/rainloop/docs/abzbl9903668066esolq17vvf/ |
http://themefolks.com/trendzbd/oaGZCVsJ/ |
http://sportnal.azurewebsites.net/calendar/Xzoo/ |
http://71.126.247.90/UOAEodt5UzLlCQ/0dW69/MxdzEiNUxNue/ |
http://thebluebearyhillproject.com/wp-admin/q07/ |
http://techotechsolution.com/wp-admin/W8m6/ |
http://teeo.highoninfo.com/wp-admin/1tx/ |
https://www.cloudflare.com/5xx-error-landing?utm_source=error_footer |

Dropped files

Name | File Type | Hashes | Detection
C:\Users\user\317.exe | data | |
C:\Users\user\Desktop\download\FE_LLZ_020120_OEP_020620.doc | 0 | |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db | SQLite 3.x database, last written using SQLite version 3019003 | |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db-journal | data | |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal | SQLite Write-Ahead Log, version 3007000 | |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db.session | SQLite 3.x database, last written using SQLite version 3019003 | |
C:\Users\user\AppData\Local\Microsoft\Office\OTele\winword.exe.db.session-journal | data | |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | data | |
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd | data | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gv3nqcaj.sol.ps1 | ASCII text, with no line terminators | |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o20fdki5.ew5.psm1 | ASCII text, with no line terminators | |
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO1033.acl | data | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\FE_LLZ_020120_OEP_020620.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Feb 10 13:58:16 2020, mtime=Mon Feb 10 13:58:24 2020, atime=Mon Feb 10 13:58:17 2020, length=272593, window=hide | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | ASCII text, with CRLF line terminators | |
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC | Little-endian UTF-16 Unicode text, with CRLF, CR line terminators | |
C:\Users\user\Desktop\cmdline.out | ASCII text, with CRLF line terminators | |
C:\Users\user\Desktop\download\~$_LLZ_020120_OEP_020620.doc | data | |
C:\Users\user\Documents\20200210\PowerShell_transcript.855271.EW+2OSy4.20200210155835.txt | UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | |